Changelog for s6-networking. In 2.7.0.0 ---------- - Bugfixes. - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" is the equivalent of s6-ioconnect with TLS, and can be used interactively as a client program to talk to TLS-tunneled services. - The -K option for TLS programs now set a timeout for the whole handshake. - The -h option for s6-tcpclient and s6-tcpserver-access now indicates /etc/hosts should be consulted before DNS. In 2.6.0.0 ---------- - Bugfixes. - s6-tcpserver has been unified! no ipv4 and ipv6 separation anymore. * The only programs in the superserver chain are now s6-tcpserver, s6-tcpserver-socketbinder, and s6-tcpserverd. * s6-tcpserver-access still exists, should now run under s6-tcpserverd, still invoked once per connection. Doesn't spam the log anymore when invoked with no ruleset. * Options -4 and -6 removed from s6-tcpserver and s6-tlsserver. Protocol detection happens when the cmdline address is scanned. * Option -e removed from s6-tlsserver. It should now always invoke s6-tcpserver-access when needed (and only then). - Major performance improvements. s6-tcpserverd does not fork on systems that support posix_spawn. Also, its lookups are now logarithmic instead of linear (which only matters on *heavy* loads). In 2.5.1.3 ---------- - Bugfixes. In 2.5.1.2 ---------- - Bugfixes. - Adaptation to skalibs-2.13.0.0. In 2.5.1.1 ---------- - Adaptation to skalibs-2.12.0.0. In 2.5.1.0 ---------- - SNI wildcarding support in s6-tlsd-io. - New sbearssl_*_set_tain(n)_g convenience macros. - Bugfixes. In 2.5.0.0 ---------- - Adaptation to skalibs-2.11.0.0. - minidentd removed. - Full client certificate support. - Server-side SNI support. - s6-ucspitls[cd] -v2 now logs whether TLS is activated or not. In 2.4.1.1 ---------- - Bugfixes. In 2.4.1.0 ---------- - Bugfixes. - Handshake timeout now also works with the libtls backend. - The SNI server name is now exported after the handshake in the SSL_TLS_SNI_SERVERNAME variable. In 2.4.0.0 ---------- - Can be built against OpenSSL + libretls. - execline is now optional. - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a TLS tunnel over already existing fds. - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an implementation of delayed encryption. In 2.3.2.0 ---------- - New -e option to s6-tlsserver, to invoke s6-tcpserver-access unconditionally. In 2.3.1.2 ---------- - Bugfixes. In 2.3.1.1 ---------- - Bugfixes. In 2.3.1.0 ---------- - Adaptation to skalibs-2.9.0.0. In 2.3.0.4 ---------- - Compatibility with skalibs-2.8.0.0. - Conforming to the documentation, s6-tcpserver[46]d now prints its local port to stdout when it is ready, as a notification message. - Everything builds as PIC by default. In 2.3.0.3 ---------- - Compatibility with skalibs-2.7.0.0. - Optional nsss support added. In 2.3.0.2 ---------- - Bugfix release. - Compatibility with skalibs-2.6.0.0. In 2.3.0.1 ---------- - Bugfix release. In 2.3.0.0 ---------- - Added this NEWS file. :) - Major types overhaul to make them more POSIXly correct: compatibility with skalibs-2.5.0.0. - Fixed the "s6-tls[cd] does not die and the zombie application hangs around" bug. (It's really a workaround for a TCP bug.) - s6-tls[cd] ported to bearssl-0.3. Client certificates still not supported with BearSSL because Thomas is slooooooow at implementing the high-level server functions I asked him for :P - The meaning of the -Y option in s6-tlsd has changed: it now means "ask for an optional client certificate". Only valid with a LibreSSL backend for now.